Cyberwar Commander Survives Senate Hearing

President Obama’s pick to be the 4-star general at the head of the military’s new computer security and cyberwar command sailed through a Senate confirmation hearing Thursday, while revealing virtually nothing about he plans for the new command.

Lieutenant General Keith Alexander has run the National Security Agency for the last five years, and was nominated to simultaneously head the military’s newest command wing, the U.S. Cyber Command. The elevation of computer security to a command – which is always headed by a 4-star general — signals that the Pentagon considers computer security defense to be of utmost importance to its operations.

When asked by Senator Joe Lieberman (I-Connecticut) how serious the threat to the Department of Defense was, Alexander replied that its networks see “hundreds of thousands of probes a day,” though he qualified that quickly by adding “these are not attacks, they are attempts to… scan the network to see what kind of software we are using.”

Currently, the NSA is responsible for securing the government’s classified networks, while DHS now has that responsibility for civilian .gov domains. With the addition of Cyber Command, the authority will be split three ways.

Alexander’s confirmation comes as the latest wave of cyberwar rhetoric is cresting, following espionage intrusions into Google’s servers that were traced to China, and an upcoming book from from onetime cyber czar Richard Clarke called CyberWar that warns the country is at severe risk of computer attack from foreign nations.

Still, Alexander tried to downplay fears that the military plans to take over the internet.

“This is not about the intent to militarize cyber-space,” Alexander said. “My main focus is on building the capacity to secure the military’s operational networks.”

He also said that if called in to help protect civilian networks, the NSA and Cyber Command “will have unwavering dedication to the privacy of American citizens.” Alexander did not mention that the NSA illegally wiretapped American citizens’ phone and e-mails after 9/11, and that both the Bush and Obama administrations have fought efforts to challenge that program in court.

But for all the talk of defending U.S. networks, Thursday’s hearing came amid increased chatter about the military’s ability to stage attacks of its own, something alluded to by the Armed Services Committee’s top Republican, Senator John McCain.

“The continuing intrusion and attacks on our civilian and military networks demand a strong defense and ability to respond offensively when it is necessary,” McCain said.

In his written testimony, Alexander warned of a “policy gap,” putting the military’s capability to attack far ahead of the legal doctrine.

That worries Senator Carl Levin, the Democrat who head the committee. Levin pushed Alexander to explain what the military could do in various online attacks scenarios.

“The policy gap is concerning because cyberweapons are approaching weapons of mass destruction in their effect,” Levin said.

Thursday’s public hearings were more of a show than anything else. Nearly all of Alexander’s real answers to the committee’s written questions were filed in a classified response, including seemingly innocuous queries like, “What are your priorities for the U.S. Cyber Command?”

Alexander did inform the committee, in the written questions, that the U.S. could strike back against a cyber attack without necessarily knowing who the enemy is. “International law requires that our use of force in self-defense be proportional and discriminate,” Alexander wrote. “Neither proportionality nor discrimination requires that we know who is responsible before we take defensive action.”

While it remains unclear what counts as “use of force” online, this statement could mean that the military could hack into a computer that was attacking it, or even use a military botnet to kill another botnet.

But all we really know after today is that there is a “policy gap” between what the military is allowed to do, and what it’s capable of doing, and that someone needs to give the military more legal authority to use its power. That much is not classified.

Also, Alexander will likely be confirmed.

We also know that the military and the NSA care enough about transparency to tell you they care about your privacy, but if they told you anything more than that they’d have to kill your computer.

Here’s The Thing With Ad Blockers

We get it: Ads aren’t what you’re here for. But ads help us keep the lights on. So, add us to your ad blocker’s whitelist or pay $1 per week for an ad-free version of WIRED. Either way, you are supporting our journalism. We’d really appreciate it.